I can reproduce this if I add a 'sleep 10' right before the dnsmasq call in /etc/init/lxc-net.conf, so it appears to be purely timing related. (In other words, bind will always by default attach to all interfaces as they come up; it's not anything in your configs.)

This bug just hit me in Ubuntu 14.04 LTS and is quite serious because LTS is used in servers, and it is common to try to have virtualization (LXC) as well as being configured as DNS servers (bind9).

Additionally, under some configurations at least, the whole DNS resolving malfunctions, as 10.0.3.1 is the first entry in /etc/resolv.conf (put there by resolvconf / dnsmasq) but it is not accessible. As a result, any DNS resolution waits some seconds for a timeout!

A detailed workaround without reboot:

1. Add this line in /etc/bind/named.conf.options before the last line::

Marking this won't fix for LXD since LXD is now letting API users create bridges dynamically which makes generating .d files very impractical for us. We may however be able to add a check for this issue and at least report a better error to the user.

For LXC, we could still use a .d mechanism since we have a fixed bridge there.
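
A sketch of the kind of pre-start check mentioned in the comment above, added here as an example and not LXC or LXD code: it scans a `/proc/net/udp`-format table for a socket already bound to port 53 on the bridge address (10.0.3.1 in this thread) or on the wildcard address, which is the condition that keeps dnsmasq from starting. The function names, the sample table, and the little-endian host are assumptions.

```python
import socket
import struct

BRIDGE_ADDR = "10.0.3.1"  # lxcbr0 address quoted in this thread
DNS_PORT = 53

# Constructed sample in /proc/net/udp format (not captured from a real host).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000   105        0 11001 2 0000000000000000 0
  102: 0103000A:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000   105        0 11002 2 0000000000000000 0
  103: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11003 2 0000000000000000 0
"""


def decode_endpoint(field):
    """Decode 'HEXADDR:HEXPORT' as printed by a little-endian kernel (assumption)."""
    addr_hex, port_hex = field.split(":")
    # The kernel prints the network-order address as a native integer,
    # so on little-endian hosts the hex digits appear byte-reversed.
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def find_conflicts(table_text, bridge_addr=BRIDGE_ADDR, port=DNS_PORT):
    """Return sockets that would block a new listener on bridge_addr:port."""
    conflicts = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 10:
            continue  # ignore truncated or blank rows
        addr, local_port = decode_endpoint(cols[1])
        # A bind on the bridge address itself or on 0.0.0.0 occupies the port.
        if local_port == port and addr in (bridge_addr, "0.0.0.0"):
            conflicts.append(
                {"addr": addr, "uid": int(cols[7]), "inode": int(cols[9])}
            )
    return conflicts


if __name__ == "__main__":
    for c in find_conflicts(SAMPLE_PROC_NET_UDP):
        print("port %d already bound on %s (uid %d, socket inode %d)"
              % (DNS_PORT, c["addr"], c["uid"], c["inode"]))
```

On a live host the same function can be given the contents of `/proc/net/udp`; the reported inode can then be matched against `/proc/<pid>/fd` to name the owning process.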